From: Eli Zaretskii <eliz@gnu.org>
To: Daniel Colascione <dancol@dancol.org>
Cc: aurelien.aptel+emacs@gmail.com, p.stephani2@gmail.com,
eggert@cs.ucla.edu, tzz@lifelogs.com, emacs-devel@gnu.org
Subject: Re: Dynamic modules: MODULE_HANDLE_SIGNALS etc.
Date: Tue, 22 Dec 2015 18:12:07 +0200 [thread overview]
Message-ID: <83io3qqx7s.fsf@gnu.org> (raw)
In-Reply-To: <5678EA4E.6080606@dancol.org> (message from Daniel Colascione on Mon, 21 Dec 2015 22:14:38 -0800)
> Cc: aurelien.aptel+emacs@gmail.com, p.stephani2@gmail.com, tzz@lifelogs.com,
> emacs-devel@gnu.org
> From: Daniel Colascione <dancol@dancol.org>
> Date: Mon, 21 Dec 2015 22:14:38 -0800
>
> And even if it were OK for (say) 'cat' to dump core due to
> > stack overflow in a typical environment (which it's not), Emacs is more
> > important than 'cat', because people use it as an interactive text
> > editor and do not want to lose their work.
> >
> >> we already crash if we overflow the stack while we're GCing.
> >
> > If so, that's a bug that should get fixed. It's not an excuse to
> > introduce similar bugs.
> >
> > Really, the idea that it's OK for Emacs to crash is a nonstarter. Emacs
> > should not crash.
>
> Ideally, we wouldn't have bugs. But we do, and when we hit them, we
> should crash reliably and deterministically if we can't recover
> reliably.
I'm sorry, Daniel, but that kind of philosophy is a non-starter with
Emacs. Saving the user's work even in some cases is much better than
not saving it at all. And the current scheme is quite reliable, it
works in many scenarios, though not all of them.
As for bugs that cause fatal errors, Emacs always tried to catch them
and at least auto-save. This also doesn't work with 100% reliability,
but it saved me my work many times in the past. It would be a step
backward to give up that, just because it's not bullet-proof.
IOW, crashing reliably is an anti-thesis for Emacs, has been for as
long as I can remember. And for very good reasons, IMO. We are not
going to change that.
> The current stack overflow scheme can't recover reliably because it
> doesn't fix maintain invariants. There are ways to fix it --- e.g.,
> we can make our own guard pages, mark them PROT_NONE, and on stack
> overflow, mark them PROT_READ | PROT_WRITE long enough to reach
> eval, *then* signal, but I don't think it's worth it.
Improvements to the current recovery are welcome, although what you
suggest might run afoul of constant changes in the OS internals, so it
could be fragile (or perhaps even impossible on some systems). Still,
if you have patches to propose, please do, and thanks.
Bottom line, I mostly agree with Paul: we should keep the stack
overflow recovery. We should also try improving it as much as
possible, in particular wrt modules. However, I don't think letting
modules run arbitrary stack unwinders, let alone Lisp handlers, when
we detect a stack overflow is a good idea, because the alternate stack
is too small for that, and will run higher risk defeating the
recovery.
next prev parent reply other threads:[~2015-12-22 16:12 UTC|newest]
Thread overview: 177+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-25 18:39 Dynamic modules: MODULE_HANDLE_SIGNALS etc Eli Zaretskii
2015-11-25 18:50 ` Philipp Stephani
2015-11-25 19:24 ` Eli Zaretskii
2015-11-26 21:29 ` Paul Eggert
2015-11-27 7:35 ` Eli Zaretskii
2015-11-27 19:19 ` Philipp Stephani
2015-11-28 10:58 ` Philipp Stephani
2015-11-28 12:10 ` Eli Zaretskii
2015-12-19 21:03 ` Philipp Stephani
2015-12-19 22:57 ` Philipp Stephani
2015-12-20 15:47 ` Eli Zaretskii
2015-12-20 18:34 ` Philipp Stephani
2015-12-20 19:11 ` Eli Zaretskii
2015-12-20 21:40 ` Paul Eggert
2015-12-21 3:33 ` Eli Zaretskii
2015-12-21 11:00 ` Paul Eggert
2015-12-21 11:21 ` Yuri Khan
2015-12-21 11:34 ` Paul Eggert
2015-12-21 15:46 ` Eli Zaretskii
2015-12-21 18:15 ` Paul Eggert
2015-12-21 18:28 ` Daniel Colascione
2015-12-21 19:00 ` Eli Zaretskii
2015-12-21 20:19 ` Philipp Stephani
2015-12-21 19:04 ` Eli Zaretskii
2015-12-22 4:09 ` Paul Eggert
2015-12-22 4:38 ` Daniel Colascione
2015-12-22 4:48 ` Paul Eggert
2015-12-22 4:52 ` Daniel Colascione
2015-12-22 6:09 ` Paul Eggert
2015-12-22 6:14 ` Daniel Colascione
2015-12-22 6:33 ` Paul Eggert
2015-12-22 6:35 ` Daniel Colascione
2015-12-22 6:44 ` Paul Eggert
2015-12-22 6:53 ` Daniel Colascione
2015-12-22 16:13 ` Eli Zaretskii
2015-12-22 16:12 ` Eli Zaretskii [this message]
2015-12-22 17:26 ` Philipp Stephani
2015-12-22 17:51 ` Eli Zaretskii
2015-12-22 16:03 ` Eli Zaretskii
2015-12-22 16:39 ` Paul Eggert
2015-12-22 17:46 ` Eli Zaretskii
2015-12-22 23:28 ` Paul Eggert
2015-12-23 16:10 ` Eli Zaretskii
2015-12-23 16:20 ` Philipp Stephani
2015-12-23 16:46 ` Eli Zaretskii
2015-12-23 17:09 ` Paul Eggert
2015-12-23 17:18 ` Daniel Colascione
2015-12-24 2:51 ` Paul Eggert
2015-12-24 3:11 ` Daniel Colascione
2015-12-24 16:10 ` Eli Zaretskii
2015-12-24 17:04 ` Daniel Colascione
2015-12-24 17:17 ` John Wiegley
2016-01-03 14:27 ` Daniel Colascione
2016-01-03 15:46 ` Eli Zaretskii
2016-01-03 15:49 ` Daniel Colascione
2016-01-03 16:40 ` Eli Zaretskii
2016-01-03 16:50 ` Daniel Colascione
2016-01-03 17:20 ` Eli Zaretskii
2016-01-03 16:31 ` Paul Eggert
2016-01-03 16:48 ` Daniel Colascione
2016-01-03 18:07 ` Paul Eggert
2016-01-03 18:22 ` Daniel Colascione
2016-01-03 21:02 ` Paul Eggert
2016-01-03 21:12 ` Daniel Colascione
2016-01-03 23:11 ` Paul Eggert
2016-01-03 23:22 ` Daniel Colascione
2016-01-03 23:29 ` John Wiegley
2016-01-04 1:05 ` Paul Eggert
2016-01-04 1:07 ` Daniel Colascione
2016-01-04 15:38 ` Eli Zaretskii
2016-01-04 15:40 ` Daniel Colascione
2016-01-04 16:07 ` Eli Zaretskii
2016-01-04 20:32 ` John Wiegley
2016-01-04 20:34 ` Daniel Colascione
2016-01-04 20:35 ` Daniel Colascione
2016-01-04 22:06 ` John Wiegley
2016-01-04 15:24 ` Eli Zaretskii
2016-01-04 15:28 ` Daniel Colascione
2016-01-04 16:00 ` Eli Zaretskii
2016-01-03 17:16 ` Eli Zaretskii
2016-01-03 17:22 ` Daniel Colascione
2016-01-03 17:39 ` Eli Zaretskii
2016-01-03 17:49 ` Daniel Colascione
2016-01-03 18:08 ` Eli Zaretskii
2016-01-03 18:24 ` Daniel Colascione
2016-01-03 18:51 ` Eli Zaretskii
2016-01-03 19:04 ` Daniel Colascione
2016-01-03 19:15 ` Eli Zaretskii
2016-01-03 19:26 ` Daniel Colascione
2016-01-03 19:46 ` Eli Zaretskii
2016-01-03 19:47 ` Daniel Colascione
2016-01-03 19:49 ` John Wiegley
2016-01-03 20:14 ` Daniel Colascione
2016-01-04 3:17 ` Richard Stallman
2016-01-03 18:17 ` Paul Eggert
2016-01-03 17:43 ` Eli Zaretskii
2016-01-03 20:25 ` John Wiegley
2016-01-03 20:47 ` Daniel Colascione
2016-01-03 21:07 ` John Wiegley
2016-01-03 21:28 ` Daniel Colascione
2016-01-03 21:31 ` Daniel Colascione
2016-01-04 15:27 ` Eli Zaretskii
2016-01-04 15:29 ` Daniel Colascione
2016-01-04 16:01 ` Eli Zaretskii
2016-01-03 21:45 ` John Wiegley
2016-01-03 22:20 ` Daniel Colascione
2016-01-03 22:43 ` Crash recovery strategies (was: Dynamic modules: MODULE_HANDLE_SIGNALS etc.) John Wiegley
2016-01-03 22:55 ` Crash recovery strategies Daniel Colascione
2016-01-03 22:59 ` John Wiegley
2016-01-03 23:04 ` Daniel Colascione
2016-01-03 23:20 ` John Wiegley
2016-01-03 23:47 ` John Wiegley
2016-01-03 23:51 ` Daniel Colascione
2016-01-04 0:12 ` John Wiegley
2016-01-04 15:40 ` Eli Zaretskii
2016-01-04 15:44 ` Daniel Colascione
2016-01-04 15:33 ` Eli Zaretskii
2016-01-04 15:34 ` Daniel Colascione
2016-01-04 16:02 ` Eli Zaretskii
2016-01-03 23:21 ` Paul Eggert
2016-01-03 23:24 ` Daniel Colascione
2016-01-03 23:28 ` John Wiegley
2016-01-04 0:51 ` Paul Eggert
2016-01-03 23:27 ` John Wiegley
2016-01-03 23:29 ` Daniel Colascione
2016-01-03 23:33 ` Sending automatic crash reports to the FSF (was: Crash recovery strategies) John Wiegley
2016-01-03 23:36 ` Sending automatic crash reports to the FSF Daniel Colascione
2016-01-03 23:39 ` John Wiegley
2016-01-03 23:48 ` Daniel Colascione
2016-01-04 1:34 ` Crash recovery strategies Drew Adams
2016-01-04 15:32 ` Crash recovery strategies (was: Dynamic modules: MODULE_HANDLE_SIGNALS etc.) Eli Zaretskii
2016-01-04 15:35 ` Crash recovery strategies Daniel Colascione
2016-01-04 16:04 ` Eli Zaretskii
2016-01-05 4:48 ` Richard Stallman
2016-01-05 15:52 ` Eli Zaretskii
2016-01-05 16:37 ` Clément Pit--Claudel
2016-01-05 17:08 ` Eli Zaretskii
2016-01-05 17:38 ` Clément Pit--Claudel
2016-01-04 15:31 ` Dynamic modules: MODULE_HANDLE_SIGNALS etc Eli Zaretskii
2016-01-04 15:41 ` Daniel Colascione
2016-01-04 16:13 ` Eli Zaretskii
2016-01-04 15:29 ` Eli Zaretskii
2016-01-04 15:26 ` Eli Zaretskii
2015-12-24 17:36 ` Eli Zaretskii
2015-12-24 18:06 ` Daniel Colascione
2015-12-24 19:15 ` Eli Zaretskii
2015-12-22 16:01 ` Eli Zaretskii
2015-12-22 16:32 ` John Wiegley
2015-12-22 20:31 ` Daniel Colascione
2015-12-22 20:46 ` Eli Zaretskii
2015-12-22 20:52 ` Daniel Colascione
2015-12-22 21:08 ` Eli Zaretskii
2015-12-22 21:18 ` Daniel Colascione
2015-12-23 16:07 ` Eli Zaretskii
2015-12-23 16:25 ` Crash robustness (Was: Re: Dynamic modules: MODULE_HANDLE_SIGNALS etc.) Daniel Colascione
2015-12-23 17:30 ` Eli Zaretskii
2015-12-23 17:41 ` Daniel Colascione
2015-12-23 17:55 ` Eli Zaretskii
2015-12-23 17:56 ` Daniel Colascione
2015-12-23 18:09 ` Eli Zaretskii
2015-12-23 18:19 ` Daniel Colascione
2015-12-23 18:45 ` Eli Zaretskii
2015-12-24 3:26 ` Daniel Colascione
2015-12-21 18:57 ` Dynamic modules: MODULE_HANDLE_SIGNALS etc Eli Zaretskii
2015-12-21 20:15 ` Philipp Stephani
2015-12-20 15:48 ` Eli Zaretskii
2015-12-20 18:27 ` Philipp Stephani
2015-12-20 19:00 ` Eli Zaretskii
2015-12-20 21:00 ` Philipp Stephani
2017-03-26 20:18 ` Philipp Stephani
2016-02-29 22:48 ` Philipp Stephani
2016-03-01 16:41 ` Paul Eggert
2016-03-01 21:43 ` Philipp Stephani
2016-03-02 18:54 ` Paul Eggert
2016-03-31 18:44 ` Philipp Stephani
2016-04-01 8:29 ` Paul Eggert
2015-11-28 23:20 ` Paul Eggert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=83io3qqx7s.fsf@gnu.org \
--to=eliz@gnu.org \
--cc=aurelien.aptel+emacs@gmail.com \
--cc=dancol@dancol.org \
--cc=eggert@cs.ucla.edu \
--cc=emacs-devel@gnu.org \
--cc=p.stephani2@gmail.com \
--cc=tzz@lifelogs.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).